Kaspersky recently recognized all the DLLs and exes in Bitsquare as trojans

#1

Quite a while ago, I installed Bitsquare from the main website because I wanted to check out the idea. Yesterday, I loaded up Bitsquare as I had done before. This time, as it was updating, my installation of Kaspersky flagged all of the executable files as trojans. This was very concerning. I don’t know if Kaspersky is attacking Bitsquare, if they are false positives, or if I was attacked through an update channel. Has anyone else experienced this?

Edit: I just wanted to post an update to this. I reached out to Kaspersky directly and reported this as a possible false positive. They looked into it and came to that conclusion. Hopefully they will update their client soon.

0 Likes

#2

Please send me by email (manfred at bitsquare dot io) the exact info (report, which file).
Check whether the exe file you downloaded is signed, and maybe re-download it to see if it really matches the one you used for installing (if you still have it).

0 Likes

#3

I sent you an email with the reports generated by Kaspersky.
Let me know if you need anything else I may be able to provide.
I did just try a fresh install of Bitsquare and the same thing happened as it was finishing updating again.
I was wrong, the dlls weren’t considered a trojan, they were just accessed by what Kaspersky thought was a trojan.

0 Likes

#4

I downloaded both the 32-bit and 64-bit versions for Windows from the site, checked the PGP signatures and scanned both on VirusTotal. The 32-bit one was reported as malware by only one (out of 54) antivirus, named Qihoo-360; the others, including Kaspersky, checked out fine. The 64-bit one had no detections.
https://www.virustotal.com/en/file/e7628b3f48dff858c31d4f1bb8fea0ff99525304fa4bcdba41eb47134b2899bb/analysis/1484474950/
https://www.virustotal.com/en/file/07a136227d3dcef61b528cfe320fd83a31caabff7e7359f18d090a1b3363f3c0/analysis/1484474963/
I downloaded the binaries from GitHub and they hashed the same with SHA256.

0 Likes

#5

Hello. I have a similar problem. Today I downloaded Bitsquare, the 64-bit version, and when I opened the file, my Comodo antivirus detected a Trojan in the “Bitsquare-64bit-0.4.9.8.tmp” file. Is it a false alarm?

0 Likes

#6

Thanks!
As info for others:
@Linrono compared the SHA256 hashes of the reported files (Tor binaries) with the ones from the GitHub repo, which have not been changed for more than a year, and the files matched, so there is no issue with a wrong download.

I checked all our Tor binaries (for all OS) against the binaries from the Tor download archive (https://archive.torproject.org/tor-package-archive/torbrowser/5.0/; for linux32: https://archive.torproject.org/tor-package-archive/torbrowser/4.5.3/) and the SHA256 hashes of all files matched.
So if there were malware, it would have been in v5.0 of the Torbrowser, which is highly unlikely.

So I consider that a false positive.
I found several reports that Tor was falsely reported as malware by AV software.

1 Like
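
The comparison described in post #6, as an added example that is not part of the original thread or of the Bitsquare project's code: it hashes every file in an application's bundled directory and in a reference copy unpacked from the upstream archive, then reports matches, mismatches and files present on only one side. The directory names, file names and sample bytes are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large binaries are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def hash_tree(root):
    """Map each file's path relative to root to its SHA-256 hex digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def compare_trees(bundled_root, reference_root):
    """Classify every file as match, mismatch, or present on one side only."""
    bundled, reference = hash_tree(bundled_root), hash_tree(reference_root)
    report = {"match": [], "mismatch": [], "only_bundled": [], "only_reference": []}
    for rel in sorted(bundled.keys() | reference.keys()):
        if rel not in reference:
            report["only_bundled"].append(rel)  # shipped file with no upstream counterpart
        elif rel not in bundled:
            report["only_reference"].append(rel)
        elif bundled[rel] == reference[rel]:
            report["match"].append(rel)
        else:
            report["mismatch"].append(rel)
    return report

def demo():
    """Run the comparison on constructed sample files (not real Tor binaries)."""
    samples = {"bundled": {"tor.exe": b"A", "libevent.dll": b"B-modified", "extra.dll": b"C"},
               "reference": {"tor.exe": b"A", "libevent.dll": b"B"}}
    with tempfile.TemporaryDirectory() as tmp:
        for side, files in samples.items():
            Path(tmp, side).mkdir()
            for name, data in files.items():
                Path(tmp, side, name).write_bytes(data)
        return compare_trees(Path(tmp, "bundled"), Path(tmp, "reference"))

if __name__ == "__main__":
    for status, paths in demo().items():
        print(f"{status}: {paths}")
```

A clean result has every file under `match`; anything under `mismatch` or `only_bundled` is a file whose origin the reference copy does not account for.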

#7

Can you look where this file is located? There is no such file in Bitsquare.

0 Likes

#8

The file was located at C:\Users\MyUsername\AppData\Local\Temp\is-CSLQI.tmp\Bitsquare-64bit-0.4.9.8.tmp

0 Likes

#9

I just wanted to post an update to this (I will also update the OP). I reached out to Kaspersky directly and reported this as a possible false positive. They looked into it and came to that conclusion. Hopefully they will update their client soon. Thanks again, everybody.

2 Likes

#10

Great thanks!!!

0 Likes